genesis:provision should setup password-less SSH

deployment/deploy.rb

@@ -5,6 +5,8 @@
     require "capistrano"
     require "capistrano/ext/multistage"
     require "colored"
+    require "pty"
+    require "expect"
 rescue LoadError
   puts "You need to run: $ gem install capistrano-ext colored"
   exit
@@ -53,16 +55,20 @@
 # Prevent creation of public/images,javascripts,assets
 set :normalize_asset_timestamps, false
 
-# If user is not specified (i.e. `cap -S user=foo`), assume deploy + private key
-if not exists?(:user)
+# If user is not specified (i.e. `cap -S user=foo`), assume deploy
+if exists?(:user)
+    set :override_user, true
+else
     set :user,          "deploy"
-    set :ssh_options,   {
-        :forward_agent  =>  true,
-        :auth_methods   =>  ["publickey"],
-        :keys           =>  ["./provisioning/files/ssh/id_rsa"]
-    }
 end
 
+# default to private key auth
+set :ssh_options,   {
+    :forward_agent  =>  true,
+    :auth_methods   =>  ["publickey"],
+    :keys           =>  ["./provisioning/files/ssh/id_rsa"]
+}
+
 # Auto-detect DB_* constants from wp-config.php
 File.read('./web/wp-config.php').scan(/DB_(\w+)(?:'|"),\s+(?:'|")([^\'\"]*)/).each do | match |
     set "db_#{match[0].downcase}", "#{match[1]}"

deployment/lib/provision.rb

@@ -2,6 +2,50 @@
     namespace :provision do
         desc "Runs project provisioning script on server"
         task :default do
+            if exists?(:override_user)
+                logger.info "SSH workaround for https://github.com/genesis/wordpress/issues/131"
+                orig_ev=$expect_verbose
+                $expect_verbose=true
+                find_servers_for_task(current_task).each do |current_server|
+                  logger.info "Transferring keys to #{current_server}"
+                  puts "\n"
+                  PTY.spawn("scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ./provisioning/files/ssh/id_rsa* #{user}@#{current_server}:~/") do |rd, wt|
+                      rd.expect(/password/i, 1) { |r| wt.puts("#{password}") }
+                      rd.expect("100%", 1) { |r| sleep(2) }
+                  end
+                  puts "\n\n"
+                  logger.info "Setting up passwordless sudoable deploy on #{current_server}"
+                  puts "\n"
+                  PTY.spawn("ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null #{user}@#{current_server}") do |rd, wt|
+                      # sudo make me a sandwich
+                      rd.expect(/password/i, 1) { |r| wt.puts("#{password}") }
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("sudo -s") }
+                      rd.expect(/password/i, 1) { |r| wt.puts("#{password}") }
+                      # create deploy user & .ssh dir
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("id -u deploy || useradd -s /bin/bash -m deploy") }
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("mkdir -p /home/deploy/.ssh") }
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("chmod 755 /home/deploy/.ssh") }
+                      # move scp'd keys into place
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("mv -f ~/id_rsa* /home/deploy/.ssh/") }
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("cp -f /home/deploy/.ssh/id_rsa.pub /home/deploy/.ssh/authorized_keys") }
+                      # fix .ssh permissions
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("chown -R deploy:deploy /home/deploy/.ssh") }
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("chmod -R 600 /home/deploy/.ssh/*") }
+                      # setup passwordless sudo
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("echo '%deploy ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/deploy") }
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("chmod 440 /etc/sudoers.d/deploy") }
+                      # UP AND AWAAAAAAY
+                      rd.expect(/[#$] /, 1) { |r| sleep(2) }
+                      rd.expect(/[#$] /, 1) { |r| wt.puts("exit") }
+                  end
+                end
+                $expect_verbose=orig_ev
+                puts "\n\n"
+                logger.info "Switching to passwordless deploy user"
+                set :user, "deploy"
+                unset :password
+            end
+
             begin
                 tmp = DateTime.now.strftime("/tmp/#{application}.%Y-%m-%d.%H%M%S")